What is the Brazilian General Data Protection Act?
Inspired by the European regulation (General Data Protection Regulation – GDPR), the Brazilian General Data Protection Act (in Portuguese, LGPD, Lei Geral de Proteção de Dados) establishes rules on the collection, handling, storage, and sharing of personal data managed by organizations. The new regulation establishes standards for managing data privacy and enables organizations to enhance their competitiveness.
Among the actions curbed by the LGPD are the collection and use of personal data without consent, by both the private sector and public authorities, as well as the use of personal information for practicing unlawful or unfair discrimination.
Who is impacted?
The legislation is part of Brazil's progressive adaptation to the best global data management practices, and it covers all companies that offer services or have operations involving data handling in Brazil.
What are the punishments provided by the law?
Companies that violate the new law will be subject to warnings, fines, embargoes, suspensions, and partial or total bans on performing their activities. Fines can reach up to 2% of the organization’s revenue, with a limit of R$50 million per violation.
More than compliance, competitiveness
In addition to securing individual rights, the LGPD aims to encourage the sustainable development of the economy and of businesses, based on the best international practices.
Both the Brazilian law and the GDPR require a strategic approach to the handling of personal data, which, on the other hand, represents a great opportunity for companies. With correct planning and the application of good privacy practices, organizations can leverage the regulations to obtain a competitive advantage in the use of such data.
For that, companies will have to demonstrate compliance and responsibility with the laws in force, in order to increase the level of trust of all their stakeholders. ISO 27001 establishes requirements that define how to implement, monitor, maintain, and continuously improve the management system in line with the LGPD.
Companies doing business in Brazil would do well to look at Korn Traduções, which created a special Data Protection Program to build strict information security policies to obtain ISO 27001 certification.